Win a copy of Mesos in Action this week in the Cloud/Virtualizaton forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

explicitly making any user logout from the site

 
sachin yadav
Ranch Hand
Posts: 156
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

I am using spring security for maintaining user authentication and authorization. We have different roles for our site. Now a admin can see all the logged in users and can logout any user from admin page.

I have an approach to make a custom filter and put it in the filter chain process of spring security. This filter will put the userId and sessionId of the user(after sucessful login), to a hashmap. A admin can iterate and see all the logged in users by iterating to that hash map.

Now when he clicks on logout button, how do i invalidate the session for that particular users. I can get sessionId based on a userId from hashmap, but i have no idea what to do with this session as i have no method like

HttpSession.invalidate(userSessionId);

Can someone please help me with any idea?
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic